Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

This is my new favorite #design #fail.

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

@ricci

Not just natural language processing. It’s also the largest public archive of spreadsheets. When I was at Microsoft, a bunch of projects used it. For example, when the TypeScript version of the Excel calc engine wanted to see how good their coverage was, they tried to see how many of the Enron sheets they could correctly calculate (as in, give the same answers as desktop Excel, not give the answer without all of the fraud).

It sometimes surprises me to learn that there are people who don't know that one of the first really big datasets used to train and evaluate computer language and social models was (and still is) a bunch of internal emails from Enron.

Yes, that Enron. Collected as part of the investigation into its collapse.

https://en.wikipedia.org/wiki/Enron_Corpus

@cR0w As my bio says "I'm interested in all kinds of astronomy" :)

I wrote a proof-of-concept and writeup for CVE-2025-48593, an Android Bluetooth issue that only seems to affect devices that act as Bluetooth headsets / speakers. (i.e. NOT phones, only smartwatches/wearables/cars. And only after pairing. So you can stop worrying.)

https://github.com/zhuowei/blueshrimp

It should be a use-after-free; I haven’t gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref (without malloc debug) or an attempted write to library rodata (with malloc debug).

Today, we're launching SlopStop: Community-driven AI slop detection in Kagi Search.

Join our collective defense against AI-generated spam and content farms:

https://blog.kagi.com/slopstop

#Kagi #Search #AISlop

Update to 4.11.1 now if you use it

CVE-2025-43515
https://support.apple.com/en-us/125693

https://infosec.exchange/@codecolorist/115385827463979240

The video for my TalosCon 2025 keynote, "The Complexity of Simplicity", is now up:

https://www.youtube.com/watch?v=Cum5uN2634o

Slides:

https://speakerdeck.com/bcantrill/the-complexity-of-simplicity

Huge Ws for Rust adoption in Android!

Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics.

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

In our latest blog we speak with Marion Marschalek of @blackhoodie on how community fuels career, how one challenge led to many opportunities and how you can get involved.
https://hex-rays.com/blog/blackhoodie-interview-2025

OK, it seems I found it (although not very useful, acceptable value formats are not documented for example), at the end of the article about...publishing. Because somehow in the CLI's world there is just *no way* I won't update my code to GitHub :P

https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-qlpackyml-files

@GitHubSecurityLab

Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab

The best resource I could find is this one by @trailofbits:

https://appsec.guide/docs/static-analysis/codeql/advanced/#creating-new-query-packs

@campuscodi I'm really curious if the RXSS will get caught ItW!

https://github.com/v-p-b/xss-reflections

@freddy you needed to use mouse and shit for that. these days you just explain what you want:

https://www.youtube.com/watch?v=JeNS1ZNHQs8

"DiaSymbolView is a tool for visually inspecting debug information recorded in .pdb files. It relies on MSDIA API and presents a hierarchy of debug symbols and their 200+ properties."

https://github.com/diversenok/DiaSymbolView

#fromBsky

@freddy You mean Claude? :)

I bet I can use Atomic Rockets to calculate the kinetic energy of an IBM PS/2 Model 80 dropped from low orbit